Welcome to Splunk Answers, a Q&A forum for users to find answers to questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come here to find solutions to their issues, and to help other users in the Splunk community with their own questions.

Is there an efficient way to learn Splunk?

I've used Splunk a couple of times now and end up evangelizing for it whenever I can. At the same time, I end up feeling pretty ignorant about Splunk most of the time. I'm often stumbling across features or hearing about them as part of an answer to a question. Case in point: I was just told about xyseries and stumbled across cdata.

Searching through the docs and splunkbase, the materials and commentary on these features (and others) are often pretty thin. The docs I do find are usually well written and accurate - but thin. Am I missing something obvious? There doesn't seem to be a book about Splunk anywhere and yet there are clearly people that know every nook and cranny of the product.

Is there some maximally efficient way to learn Splunk? I've never found digging through other people's examples to work very well for me. Hopefully, there's a huge manual somewhere that I've managed not to see.

I don't mind the sales pitch at all. While my main customer is a huge company in the US, I live in rural Australia. Sydney is about 6 hours away and Melbourne around 11 hours. A big town around here is anything around 9,000 people and up. So. I'm keen on on-line resources ;-) I would love to attend a Splunk conference if I can find the time and money.

The book misses the point that most Splunk documentation seems to be missing: the arcane art of importing data into Splunk.

Splunk seems to croak with simple CSV and TSV files, does not allow me any simple way (as even Excel does from 20 years ago) to indicate my column structure without the use of a dozen .cfg config files.

This is Chapter 2 in the book, a woeful half-attempt at anything useful. Merely asks us to download data from the book website and move on with "searching". Sorry, dear author, please spend a little time dealing with this in the next version.

Hi - Splunk can handle structured files, but that is not what it was designed for. Splunk was designed to handle large volumes of timestamped unstructured data, without a schema. As people apply Splunk to more & more use cases, needs like yours arise and Splunk is evolving to address a wider audience. This community is hundreds of people who are freely contributing their time to help others apply Splunk efficiently. Please let us know how we can help you. And for the price you are paying, for the book and the help - it's a bargain!

As far as finding new commands, listening to the SplunkTalk podcast, even some of their long-term SEs still stumble upon features they didn't know about. So I wouldn't be surprised to keep finding new commands; even though it's 4.x, it's still a fast-moving product. I've always thought their docs were pretty complete and as long as I didn't go in expecting it to mean something it's been pretty clear as well.